Security

Reply
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Guest network and skype problems

Hi all, I have a guest network configured which directs users to a web filter for authentication, using a pac file for the proxy settings.

 

Users on mobile devices, Ipads, samsungs etc can authenticate fine and http/https works fine.  Problem comes with apps like Skype which seem to direct all traffic directly to the firewall which blocks them as they have not originated from the web filter.  Any suggestions ? No problems with laptops as they seem to encapsulate the traffic correctly and are directed via the web proxy.

 

Thanks

ACMA/ACMP
MVP
Posts: 226
Registered: ‎03-03-2011

Re: Guest network and skype problems

I would think this is a Skype issue. Try changing the settings within Skype (Windows screenshot below):

 

Capture.JPG

 

You can't really do anything on the controller to force this.

David
ACDX #98 | ACMP | ACCP
Guru Elite
Posts: 8,182
Registered: ‎09-08-2010

Re: Guest network and skype problems

As a test to try and eliminate some variables, can you manually configure the proxy under the WiFi seetings of one of your mobile devices and see if it works?


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: Guest network and skype problems

Hi, thanks for the replies. Indeed on a windows machine it works fine, i'm guessing that the additional settings required are in the windows settings.

 

If we add the proxy address on a mobile device still the same issue.

 

Same problems with apps like facetime and in particular samsung updates, these all seem to bypass the proxy.

ACMA/ACMP
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Guest network and skype problems

This is a common problem with proxies and mobile devices.  Even if you manually put in the proxy settings into the device, a lot of applications won't use it or it might be the case they don't have permission to read the settings.

 

You will drive yourself crazy trying to fix this.  The best way is to use a transparent proxy.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: Guest network and skype problems

Hi, we are using a transperent proxy.   Problem with these applications is they seem to be forwarded to the firewall and are not hitting the proxy.    these are the access lists i have in the guest role

 

user-role guest
bw-contract 10MBLimit per-user upstream
bw-contract 10MBLimit per-user downstream
vlan 53
access-list session WPAD
access-list session Skype
access-list session Webmail
access-list session gmail
access-list session TransparentProxy
access-list session dns-acl
access-list session Android
access-list session tcp5228
access-list session dhcp-acl
access-list session PaperCut
access-list session ProxyAccess
access-list session GuestDenyHTTP
access-list session DMZHttpHttps
access-list session icmp-acl
access-list session http-acl
access-list session v6-http-acl
access-list session https-acl
access-list session v6-https-acl
access-list session v6-dhcp-acl
access-list session v6-icmp-acl
access-list session v6-dns-acl

ACMA/ACMP
Aruba
Posts: 1,285
Registered: ‎08-29-2007

Re: Guest network and skype problems

ok.  The problem I have seen on a number of deployments now is that when you manually put in the proxy settings into the device, like iPhone iPad, system apps like Safari work, but many many other 3rd party apps don't use these proxy settings, and fail.

 

I suspect what you are seeing is similar in that they are ignoring the proxy settings obtained from the pac file.

 

How we got around that is for the upstream firewall to do the filtering, or for it to dst-nat to a transparent proxy.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Frequent Contributor II
Posts: 127
Registered: ‎12-19-2012

Re: Guest network and skype problems

Michael, thanks for the swift reply.   The issue with Skype is that it uses random ports I believe meaning the firewall will be wide open.  Seems this may be a more serious issue than I first thought.

ACMA/ACMP
Search Airheads
Showing results for 
Search instead for 
Did you mean: